A federal review of national security will consider whether Canada’s spy service should be able to sift through the kind of personal data it kept illegally for years, says Public Safety Minister Ralph Goodale.

Goodale said Friday the notion that the Canadian Security Intelligence Service should avoid stashing away information about innocent people is a “fundamental principle of Canadian privacy.”

But the minister appeared to leave the door open to one day giving CSIS the legal authority to keep and analyze electronic data about individuals who do not pose a security threat.

He indicated the federal security review already under way would be a good forum to explore the matter.

“I want to hear the professional advice on both sides,” Goodale told a news conference in the foyer of the House of Commons. “I’m not pre-empting the consultation.”

A Federal Court judge says CSIS violated the law over a 10-year period by keeping potentially revealing electronic data about people who were not targets of investigation.

In a pointed ruling made public Thursday, Justice Simon Noel said CSIS breached its duty to inform the court of its data-collection program, since the information was gathered using judicial warrants.

CSIS processed the data beginning in 2006 using a powerful program known as the Operational Data Analysis Centre to produce intelligence that can reveal specific, intimate details about people, the judge said.

The improperly retained material was metadata – information associated with a communication, such as a telephone number or email address, but not the message itself. It is believed to have included data trails related to people such as friends or family members who knew the targets of surveillance but were not themselves under investigation.

The ruling means metadata can now be kept and used by CSIS only if it relates to a specific threat to Canadian security or if it is of use to an investigation, prosecution, national defence or foreign affairs.

In a hastily assembled news conference Thursday after the decision become public, CSIS director Michel Coulombe said the spy service had halted all access to, and analysis of, the data in question while it thoroughly reviews the court decision.

Goodale said he became aware of the “full scope of the issue” when the court judgment was made available to him in preliminary form a couple of weeks ago.

He said he took the immediate step of informing the Security Intelligence Review Committee, the watchdog over CSIS, and asked the review committee to supervise management of the data and ensure full compliance with the judgment.

Coulombe “understands my expectations here,” Goodale added.

“A serious error has been made. This situation needs to be remedied. It has to be remedied quickly.”

Privacy commissioner Daniel Therrien said the spy service had already contacted his office. “At this point I can tell you that we welcome discussions on changes to CSIS policies required by the judgment.”

It marks the second time in recent months that CSIS’s data analysis practices have been questioned.

In its latest annual report, tabled in September, the intelligence review committee said CSIS used datasets to identify previously unknown individuals of interest by linking together types of information that have indicated “threat behaviour.”

“They can be used to conduct indices checks by taking information already connected to a potential threat – such as an address, phone number or citizen identification number – and using it to search for ‘hits’ in the data,” the review committee report said.

CSIS argued that openly sourced and publicly available datasets were akin to the phone book and therefore restrictions in the CSIS Act limiting collection to “strictly necessary” information did not apply.

However, the review committee looked at the full list of datasets held by CSIS and, in come cases, disagreed with the spy service’s assessment that they were publicly available and therefore beyond the legal restriction.

As a result of the committee’s intervention, CSIS finalized and implemented guidelines for acquiring bulk data and agreed to ensure it abides by the CSIS Act in collecting such information.

In his ruling on the illegal metadata analysis, Noel suggested it was time to review the 32-year-old CSIS Act to answer the needs of the present and perhaps “unforeseen times ahead with an adaptation to new technologies at play.”

The NDP said Friday the latest revelations underscore the need for stronger parliamentary oversight.

The New Democrats are pushing for changes to a bill that would create a committee of parliamentarians to keep an eye on CSIS and other spy services. NDP MP Murray Rankin said the proposed model would allow the government to arbitrarily deny crucial information to the committee.

Goodale flatly rejected the criticism, saying the committee would have extraordinary authority to look at classified information.